Output from the clang static analyzer ( http://clang-analyzer.llvm.org/
)
for nginx-0.7.63
That’s a pretty cool tool. Surprising though that some really
simplistic stuff generated false positives, e.g.:
“Value stored to ‘qclass’ is never read”
qtype = (an->type_hi << 8) + an->type_lo;
qclass = (an->class_hi << 8) + an->class_lo;
len = (an->len_hi << 8) + an->len_lo;
ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0,
“resolver qt:%ui cl:%ui len:%uz”, qtype, qclass,
len);
Cliff
pretty tool.
Hello!
On Wed, Nov 04, 2009 at 02:59:01PM -0800, Akins, Brian wrote:
Output from the clang static analyzer ( http://clang-analyzer.llvm.org/ )
for nginx-0.7.63
Intresting, thanks. I’ve played with clang a bit, but haven’t
tried it’s static analyzer yet. This one:
http://www.akins.org/scan-build-2009-11-04-1/report-E52fnq.html#EndPath
seems to be real bug (though really rare one, may happen only on
low memory conditions during configuration parsing and only when
close() call returned error for some reason).
Unfortunately others looks like false positives. I’ve tried it on
debug build and this eliminated some dead assignments reported,
but introduced null pointer dereference false positives in code
working with queues. Probably adding some assert()'s will make
nginx’s code a bit more analyzer friendly…
Maxim D.
On Wed, 04 Nov 2009 16:51:50 -0800, Cliff wrote:
That’s a pretty cool tool. Surprising though that some really
simplistic stuff generated false positives, e.g.:
Clang is going to be a great thing. I am already using the compiler in a
daily basis for building plain-C stuff (e.g. Nginx itself), and both the
compilation speed and the generated code are speedy. There are even some
cases where Clang generates slightly better object code than GCC, see:
The static analyzer is a nice bonus, but as you mention, it produces
some
false positives – but I prefer a picky tool that prodces some false
positives than a loose one that misses some potential bugs. After all,
it is
up to the programmer, who really knows the intention of the code, to
decide
which warnings are real bugs 
Br.
Hello!
On Wed, Nov 04, 2009 at 04:51:50PM -0800, Cliff W. wrote:
That’s a pretty cool tool. Surprising though that some really
simplistic stuff generated false positives, e.g.:“Value stored to ‘qclass’ is never read”
qtype = (an->type_hi << 8) + an->type_lo;
qclass = (an->class_hi << 8) + an->class_lo;
len = (an->len_hi << 8) + an->len_lo;
ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0,
“resolver qt:%ui cl:%ui len:%uz”, qtype, qclass, len);
Brian aparently analyzed build without debug, and ngx_log_debug3()
resolves to nop there. So it’s not really false positive, but
wrapping such cases into “#if (NGX_DEBUG)” just to make analyzer
happy looks like overkill.
Maxim D.
On 11/4/09 6:13 PM, “Maxim D.” [email protected] wrote:
);
Brian aparently analyzed build without debug, and ngx_log_debug3()
resolves to nop there.
Yes, did it with a “normal” build, so that explains that.
I saw that a lot of “errors” are false positives but thought it was
interesting, so I passed it along.